All home Wi-Fi gear comes with the bricks and mortar to put up at least a basic security wall against intruders and eavesdroppers, but McAfee wants to sell consumers a better trowel for building it.
The company's McAfee Wireless Home Network Security software automatically sets up encryption keys on Wi-Fi routers and the PCs connected to them, then rotates the keys every three hours. It will work with older Wi-Fi systems that use the WEP (Wired Equivalent Privacy) encryption system, as well as current equipment that also supports the newer WPA (Wi-Fi Protected Access) and WPA 2.0 technologies. The software will go on sale online next week and in stores next month.
McAfee's software is designed to keep intruders – either malicious ‘war drivers’ or neighbours who just want to freeload on a broadband internet connection – from getting on to WLANs (wireless LANs) and from deciphering the packets that travel over the network. Once on a WLAN, intruders can steal information, intercept messages and install harmful programs. As consumers rapidly embrace Wi-Fi for their home networks, many are not using any security, usually because they can't figure out how to set it up, according to industry analysts and other observers.
The security company isn't alone in trying to attack the problem. Broadcom, which makes the chips used in many popular WLAN products, has developed a simplified security setup technology that was introduced in some Cisco products last month and may be coming to other vendors' offerings soon. And the Wi-Fi Alliance, the industry group that certifies Wi-Fi gear, plans to create a standard for easy security setup in the first half of next year. Vendors will be able to have it certified as a check-off item on their products.
After loading McAfee's software on a PC, users can set up security in a few easy steps. McAfee uses the standard Wi-Fi security mechanisms, but also produces a stronger key than most consumers can and adds automatic key rotation, the firm says. The full features of the software work on any PC running Windows 98 Second Edition, Me, 2000 or XP. To use any client with another operating system, the user has to get the automatically generated key and enter it manually, with automatic key rotation turned off.
The software saves consumers from having to log into the web browser page of the Wi-Fi router and, typically, going through a series of settings pages. Once loaded on the first PC, the software detects an insecure WLAN nearby and asks if the user wants to protect the network. If they confirm it, the software puts a key on the PC, sets up a secure connection to the router and sets up the same key on the router. To add another system to the network, the user loads the software, and a screen will pop up on any PC that's already on the protected LAN. That existing user can accept or reject the new participant.
McAfee's software needs special code to work with various Wi-Fi routers because they don't all have the same web interface for setup. The tool works with most of the popular Wi-Fi routers, including models from Cisco Systems' Linksys division, D-Link and Belkin.
By default, McAfee's software uses WEP, the lowest common denominator of Wi-Fi security. If they want to use WPA or WPA 2.0, users will have to manually change the setting. But even with WEP, McAfee offers better-than-average security both by rotating the encryption keys and by creating a strong key. The automatically generated keys are harder for hackers to crack than the typical key created by a consumer, which typically uses words that can be discovered via a ‘dictionary’ attack that tries to spell out common words.